Hackers ‘Weaponising’ Business’s Excel Documents

As part of a new phasing campaign aimed at infiltrating corporate networks, employees, particularly at financial organisations, have been targeted using weaponised Excel documents.

ZD Net reports that the hacking campaign, dubbed MirrorBlast, was first discovered in September by cybersecurity firm ET Labs, leading to the attack being analysed by another cybersecurity company Morphisec, which has reported its findings in a blog post.

According to the post, malicious Excel files used in the hack are particularly dangerous due to the fact that they can bypass malware detection systems. The documents contain ‘extremely lightweight’ embedded macros, and attackers have switched from using newer VBA macros to legacy XLM macros in order to bypass anti-malware systems.

While the macros are disabled by default in the Microsoft Office suite of software, cybercriminals have been tricking users into enabling them with some very clever social engineering.

Morphisec believes that the Russia-based cybercriminal organisation TA505 is behind the spate of attacks due to similarities in the attacks chain, the GetandGo functional being used by the malware, the final payload, and the domain pattern.

TA505 has been active since at least 2014 and the group is known for frequently changing its malware to avoid detection. 

However, the microcode used by MirrorBlast can only be executed on the 32-bit version of Microsoft Office due to a lack of compatibility with ActiveX objects.

The macro executes JavaScript code to see if a computer is running in administrator mode before launching msiexec.exe which is used to download and install an MSI package.

If you’re looking for managed IT services in Colchester, talk to us today.

Let’s have a chat

Whether you want a complete shake-up of your current IT services or an answer to simple question, SYS3 are always happy to help. Contact us today for a free, no obligation chat about your requirements.

  • Simplify your IT
  • Reduce your spending
  • Increase reliability
  • Enjoy no-contract, unrivalled support across Essex and Suffolk

We know moving IT services can be a daunting task but we promise it’s much easier than you think. When you’re ready to talk, we’re here, happy to help

0345 313 1919
[email protected]

Get in touch

    Our Other Services

    Backing up is VITAL!

    Backing up should be everyones top priority. All too often we see businesses decide to start backing up the wrong side of a costly hard drive disaster or data breach.

    With viruses and malware now capable of causing so much, often irreversible, damage, a substantial backup is imperative. If you’re infected with ransomware, a recent backup often the only way to get you back up and running.

    Why offsite backup and not a removable hard drive?

    Preferably both! But never just a hard drive. Why? Hard drives can fail. It’s as simple as that. Ransomware infections can also creep onto hard drives if they’re left plugged into an infected machine. 

    ​SYS3 use the most reliable and intelligent backup solutions on the market to ensure that our customers’ data is kept secure.

    Why buy your hardware from SYS3?

    Years ago, SYS3 started out by building and supplying custom computer hardware. We know our stuff.

    We keep up with the latest in technology so we are able to provide our customers with the best possible equipment without breaking the bank. Whether you need a new server, laptop, printer or network switch, we’ll always provide you with a variety of options and recommendations to suit your business needs.

    The more advanced technology becomes, the more advanced the bad guys become. Gone are the days when attackers were easy to spot in a badly worded email.

    ​Did you know you can get an infection just by hovering your mouse over a dodgy website banner? Worse? Traditional antivirus products cannot protect you against everything.

    ​Human error is still largely responsible for infections and viruses but that doesn’t mean you shouldn’t have the best protection possible to safeguard your employees and ultimately, your business.

    ​Partnered with Heimdal, SYS3 provide market-leading protection that is proactive, not reactive like traditional antivirus.


    Spam email makes up 70% of ALL email traffic across the world and social engineering means scammers can directly target key employees. Is your job title on social media?

    Over 60% of breaches are caused by human error. Are you confident that your staff are fully trained to spot email-borne threats and avoid falling victim?

    How SYS3 can help

    Just one click has the potential to grind your entire business to a halt and generate a costly bill to put right. What makes things worse is that email viruses are now incredibly clever, highly convincing, and can be very difficult to spot.

    ​Our priority is to make sure our customers are supported and protected as much as possible. 99% of our customers have adopted our mail filtering service and it comes highly recommended. It’s the first line of defence and a vital tool.


    Proud To Be Working With